A tip-off from Google about the contents of a Gmail account led to the arrest of a 41-year-old Texan for possession of child abuse material, police revealed last week.

Police say the search firm tipped off America’s National Centre for Missing and Exploited Children (NCMEC) about material that it detected in an email sent by John Henry Skillern, a registered sex offender from Houston.

Google would only say that “we don’t comment on individual accounts”, but the Guardian understands that the process is similar to the system that the company rolled out in 2008 to try and clear its search results of child abuse material.

Images are hashed, a process that creates a unique identifier (known as a hash) while rendering it impossible to recreate the initial image, and the hash is compared to a database of known child abuse images. The technology used by Google to hash the image is unique, and was developed specifically to solve this problem.

The hashes are then compared with a database of known child sexual abuse images, and if they match, the image is passed on to the NCMEC, or its British counterpart the Internet Watch Foundation. At that point the first human – a trained specialist at one of the two organisations – sees the image, and decides whether or not to alert the authorities.

In 2013, Google expanded this system, partially in response to pressure from the Prime Minister. “Recently, we have started working to incorporate these fingerprints into a cross-industry database,” said the company’s chief legal officer, David Drummond, at the time. “This will enable companies, law enforcement, and charities to better collaborate on detecting and removing child abuse images.”

“Google is in the business of making information widely available, and we’ve always supported freedom of expression. But there can be no free speech when it comes to images of child sexual abuse.”

Google isn’t the only email provider that scans email for child abuse images. In 2013, another man was caught sharing illegal images using his AOL email address. But providers don’t tend to shout from the rooftops that they operate such programs.

That’s partially to balance the efforts to help organisations such as the IWF (which Google also part-funds) with the requirement to avoid disclosing details that will allow criminals to abuse the system. But it’s also because privacy campaigners tend to criticise the companies for handing over private emails.

The ACLU’s Christopher Soghoian noted to The Virginian Pilot that the ability to scan emails for child abuse images can easily be expanded to other ends.

“The impact of this system extends far beyond the company’s desire to assist in the discovery of this particularly horrible form of illegal content,” he wrote.

“Such expanded surveillance can be performed, quite easily, if the government provides AOL with a list of additional hashes to add to the company’s database and then forces the company to detect the transmission of those other types of prohibited content.”